Rating:
Author: Chris Davis
ISBN : B001E6QW5G
New from $42.99
Format: PDF
Direct download links available Free IT Auditing: Using Controls to Protect Information Assets for everyone book with Mediafire Link Download Link
Protect Your Systems with Proven IT Auditing Strategies "A must-have for auditors and IT professionals." -Doug Dexter, CISSP-ISSMP, CISA, Audit Team Lead, Cisco Systems, Inc.
Plan for and manage an effective IT audit program using the in-depth information contained in this comprehensive resource. Written by experienced IT audit and security professionals, IT Auditing:Using Controls to Protect Information Assets covers the latest auditing tools alongside real-world examples, ready-to-use checklists, and valuable templates. Inside, you'll learn how to analyze Windows, UNIX, and Linux systems; secure databases; examine wireless networks and devices; and audit applications. Plus, you'll get up-to-date information on legal standards and practices, privacy and ethical issues, and the CobiT standard.
Build and maintain an IT audit function with maximum effectiveness and value
Implement best practice IT audit processes and controls
Analyze UNIX-, Linux-, and Windows-based operating systems
Audit network routers, switches, firewalls, WLANs, and mobile devices
Evaluate entity-level controls, data centers, and disaster recovery plans
Examine Web servers, platforms, and applications for vulnerabilities
Review databases for critical controls
- Use the COSO, CobiT, ITIL, ISO, and NSA INFOSEC methodologies
Implement sound risk analysis and risk management practices
Drill down into applications to find potential control weaknesses
Download latest books on mediafire and other links compilation Free IT Auditing: Using Controls to Protect Information Assets [Kindle Edition]
- File Size: 5074 KB
- Print Length: 387 pages
- Simultaneous Device Usage: Up to 4 simultaneous devices, per publisher limits
- Publisher: McGraw-Hill Osborne Media; 1 edition (December 22, 2006)
- Sold by: Amazon Digital Services, Inc.
- Language: English
- ASIN: B001E6QW5G
- Text-to-Speech: Enabled
X-Ray:
- Lending: Not Enabled
- Amazon Best Sellers Rank: #449,958 Paid in Kindle Store (See Top 100 Paid in Kindle Store)
- #45
in Kindle Store > Kindle eBooks > Business & Investing > Industries & Professions > Accounting > Auditing
- #45
in Kindle Store > Kindle eBooks > Business & Investing > Industries & Professions > Accounting > Auditing
Free IT Auditing: Using Controls to Protect Information Assets
I have no experience with auditing in the formal sense described by IT Auditing. I am familiar with the technical aspects of host and network security, but I wanted to know more about the goals and views of those who audit enterprises from a security standpoint. IT Auditing succeeds when it discusses the profession of auditing but I found some of the technical details lacking. Therefore, I recommend focusing on chapters 1-3 and 12-15, while using the technical chapters as indicators for outside research.
Chapter 1 makes clear that IT Auditing is written for internal audit teams. The author argues that involvement is better than "independence," since adhering to the later business approach is a recipe for outsourcing the audit function. I liked the beginning and end of IT Auditing because they emphasized how internal audit teams should work with business IT functions. These chapters answered questions on whether or not audit should review and comment upon projects before completion (yes) and related "soft" topics.
The middle of IT Auditing concentrates on how to audit data centers, infrastructure, operating systems, Web servers, databases, applications, and wireless/mobile devices. I found these chapters less appealing. When I read "it's much more common to find SNMP Version 2 in most corporate environment" (sic, p 121) or see mention of "Universal Data Ports (UDPs)" (sic, p 172) I question the validity of the technical recommendations. Other examples include equating NAT with proxies (p 117) and the statement that "network vulnerability scanning... is probably the most important type of security discovery or monitoring in most environments" I begin to understand the horror stories I hear from some who are audited.
-
Download Link 2